Practical Evaluation of Passive COTS Eavesdropping in 802.11b/n/ac WLAN

  • Conference paper
  • Cryptology and Network Security (CANS 2017)

Abstract

In this work, we compare the performance of a passive eavesdropper in 802.11b/n/ac WLAN networks. In particular, we investigate the downlink of 802.11 networks in infrastructure mode (e.g. from an access point to a terminal) using Commercial-Off-The-Shelf (COTS) devices. Recent 802.11n/ac amendments introduced several physical and link layer features, such as MIMO, spatial diversity, and frame aggregation, to increase the throughput and the capacity of the channel. Several information-theoretic studies state that some of those 802.11n/ac features (e.g. beamforming) should degrade the performance of a passive eavesdropper. However, the real impact of those features has not yet been analyzed in a practical context and experimentally evaluated. We present a theoretical discussion and a statistical analysis (using path loss models) to estimate the effects of such features on a passive eavesdropper in 802.11n/ac, using 802.11b as a baseline. We use Signal-to-Noise-Ratio (SNR) and Packet-Error-Rate (PER) as our main metrics. We compute lower and upper bounds for the expected SNR difference between 802.11b and 802.11n/ac using high-level wireless channel characteristics. We show that the PER in 802.11n/ac increases up to 98% (compared to 802.11b) at a distance of 20 m between the sender and the eavesdropper. To obtain a PER of 0.5 in 802.11n/ac, the attacker’s maximal distance is reduced by up to 129.5 m compared to 802.11b. We perform an extensive set of experiments, using COTS devices in an indoor office environment, to verify our theoretical estimations. The experimental results validate our predicted effects and show that every amendment adds extra resiliency against passive COTS eavesdropping.


Notes

  1. In this work we always use the word antennas rather than antennae.


Author information


Correspondence to Daniele Antonioli.

A Appendix

Figure 9 shows the result of our BER and PER analysis using model D. Figure 10 shows the result of our BER and PER analysis using model E. Figure 11 shows expected BER and PER for a free-space path-loss model.

Fig. 9. 802.11n Model D (office) BER/PER using BPSK. Red lines represent Eve. Green and Blue lines represent Bob when L = 2 and L = 4. (Color figure online)

Fig. 10. 802.11n Model E (Large office) BER/PER using BPSK. Red lines represent Eve. Green and Blue lines represent Bob when L = 2 and L = 4. (Color figure online)

Fig. 11. Free Space Path Loss (LOS) BER/PER using BPSK. Red lines represent Eve. Green and Blue lines represent Bob when L = 2 and L = 4. (Color figure online)

Table 5. Eve’s PER vs. PER thresholds vs. distances. Columns represent different distances from Eve to Alice (\(d_{AE}\)). Rows represent different PER thresholds. Comma-separated values represent the rounded-down percentage of experimental runs where Eve’s PER was above the threshold for 802.11b, n, and ac.

Copyright information

© 2018 Springer Nature Switzerland AG

Cite this paper

Antonioli, D., Siby, S., Tippenhauer, N.O. (2018). Practical Evaluation of Passive COTS Eavesdropping in 802.11b/n/ac WLAN. In: Capkun, S., Chow, S. (eds) Cryptology and Network Security. CANS 2017. Lecture Notes in Computer Science, vol 11261. Springer, Cham. https://doi.org/10.1007/978-3-030-02641-7_19

  • DOI: https://doi.org/10.1007/978-3-030-02641-7_19

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-02640-0

  • Online ISBN: 978-3-030-02641-7

  • eBook Packages: Computer Science (R0)
